15:01:51 <gagehugo> #startmeeting security 15:01:52 <openstack> Meeting started Thu Aug 9 15:01:51 2018 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:54 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:56 <openstack> The meeting name has been set to 'security' 15:02:14 <gagehugo> ping eeiden fungi gagehugo lhinds nickthetait browne redrobot 15:02:17 <redrobot> o/ 15:02:25 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda 15:03:00 <gagehugo> redrobot o/ 15:03:17 <redrobot> gagehugo, 👋 15:03:39 <fungi> yup, also in tc office hour as usual 15:04:55 <gagehugo> probably will be a shorter meeting 15:05:07 <gagehugo> #topic OSSN/OSSA 15:05:16 <gagehugo> fungi any updates? 15:05:31 <fungi> let's see... 15:06:25 <fungi> #link https://launchpad.net/bugs/1784259 Neutron RBAC not working for multiple extensions 15:06:25 <openstack> Launchpad bug 1784259 in OpenStack Security Advisory "Neutron RBAC not working for multiple extensions" [Undecided,Incomplete] 15:06:45 <fungi> that's been switched to public as of saturday 15:07:28 <fungi> the corresponding fixes are still under review 15:07:58 <gagehugo> hmm 15:08:00 <fungi> and no confirmed status from the vmt that it's a vulnerability in need of an ossa (which will depend somewhat on how the fixes for it shake out) 15:08:37 <fungi> if anyone has opinions on this issue or wants to help out, you're very welcome to do so 15:09:08 <gagehugo> policy is always fun 15:10:06 <fungi> i don't think there are any other public developments worth mentioning since last week 15:10:50 <gagehugo> fungi: thanks! 15:11:01 <gagehugo> #topic Documentation 15:11:13 <gagehugo> I don't have any updates for this 15:12:09 <gagehugo> #topic Threat Analysis Documents 15:12:25 <gagehugo> there is a review for pycadf: https://review.openstack.org/#/c/529945/ 15:12:41 <gagehugo> I think that is pretty close 15:12:59 <gagehugo> keystonemiddleware - https://review.openstack.org/#/c/526476/ 15:13:02 <gagehugo> also pretty close 15:13:46 <gagehugo> fungi not sure about your availability, but when lhinds gets back I was wondering if we could schedule time to review the pycadf one 15:13:57 <gagehugo> it's pretty simple imo 15:14:16 <fungi> sure can try. no promises, but yes sounds good 15:14:56 <gagehugo> keystonemiddleware will likely take more involvement 15:15:11 <gagehugo> that's all I got for that though 15:15:17 <gagehugo> #topic PTG 15:15:32 <gagehugo> I created an etherpad for the security sig 15:15:39 <gagehugo> #link https://etherpad.openstack.org/p/security-stein-ptg 15:16:12 <fungi> as always, i'll be at the ptg. if you're getting into a topic you want me to weigh in on definitely give me a heads up in #openstack-ptg or something so i can switch rooms/hats 15:16:21 <gagehugo> I will reach out to Ade about how barbican is wanting to schedule their agenda, and see where we can figure in our topics 15:16:59 <gagehugo> fungi: sounds good 15:17:09 <gagehugo> we share a room on Mon/Tue 15:17:32 <gagehugo> I think the keystone cross-project is scheduled for monday so that will probably take a good portion of my day 15:17:46 <gagehugo> #topic General Discussion 15:18:02 <fungi> #link https://review.openstack.org/586896 Remove Security project team 15:18:05 <fungi> that merged on monday 15:18:10 <fungi> the security team is dead, long live the security sig 15:18:28 <gagehugo> heh 15:19:00 <gagehugo> I was going to suggest canceling next week's meeting (unless anyone want's to chair) 15:19:10 <gagehugo> I will be out, and I believe lhinds is out as well 15:19:46 <fungi> fine with me. i'd be a poor chair since i'm already splitting my time during this slot 15:20:56 <gagehugo> I will mark it as canceled then for next week (and send out an email to the ML) 15:21:11 <gagehugo> otherwise this room is available at this time next week if anyone wants to use it 15:21:23 <gagehugo> that's all I got 15:21:44 <gagehugo> redrobot do you have anything? 15:21:59 <redrobot> gagehugo, negative, just lurking 15:22:17 <gagehugo> ok 15:22:24 <gagehugo> thanks for coming everyone, have a good weekend! 15:22:28 <gagehugo> #endmeeting